Cookie Policy
What cookies velixir uses on velixir.net and the dashboard, and how to manage them.
Last updated . Operated by velixir Ltd (company no. 17240244, registered in England & Wales).
1. What cookies are
Cookies are small text files set by websites in your browser. Some are strictly necessary for the site to work (signing in, remembering your shopping cart equivalent); others are used for analytics or advertising. velixir doesn't use analytics or advertising cookies.
2. The cookies velixir sets
We only use strictly-necessary cookies. None are set for analytics, advertising, or third-party tracking on our public marketing pages.
| Cookie | Purpose | Duration |
|---|---|---|
.AspNetCore.Identity.Application | Authentication session - keeps you signed in across pages | 14 days (sliding) |
.AspNetCore.Antiforgery.* | CSRF protection - paired with form anti-forgery tokens to defeat cross-site request forgery | Session |
.AspNetCore.Identity.External | Temporary cookie set during OAuth sign-in (GitHub / Google) | Cleared after sign-in completes |
.AspNetCore.Identity.TwoFactorUserId | Holds your identifier between password step and 2FA challenge | 5 minutes |
.AspNetCore.Identity.TwoFactorRemember | “Remember this device for 2FA” option | 30 days (if opted in) |
Because all of these are strictly necessary for the Service to function, we don't request consent for them under the UK Privacy and Electronic Communications Regulations (PECR) - that's the regulator's published guidance.
3. Third-party cookies (loaded only when needed)
A handful of third-party cookies are loaded on specific pages:
- Stripe - when you visit the billing page or a Stripe Checkout page. Used for fraud detection (Radar). See Stripe's cookie settings.
- hCaptcha - on the sign-up and forgot-password forms only. Used to verify you're not a bot. See the hCaptcha privacy notice.
- GitHub / Google - only when you start an OAuth sign-in flow with those providers.
- Cloudflare - may set a
__cf_bmbot-management cookie on certain requests routed through their edge.
4. Managing cookies
You can clear cookies via your browser's privacy settings. Note that blocking the authentication session cookie will make signing in impossible, and blocking anti-forgery cookies will break form submissions. Browser manufacturers publish step-by-step guides:
5. Do Not Track
We don't currently respond to Do Not Track signals - DNT is no longer maintained by major browsers and was never ratified as a standard. Since we don't track you for advertising or analytics in the first place, the practical effect on your privacy is the same.
6. Changes
We'll update this page when our cookie usage changes. The “Last updated” date at the top reflects the current revision.
7. Contact
Questions? [email protected].